Although the word surveillance in French literally means "watching over", the term is often used for all forms of observation or monitoring, not just visual observation. Nevertheless, the all-seeing "eye in the sky" is still a general icon of surveillance. Surveillance in many modern cities and buildings often uses closed-circuit television cameras. Although surveillance can be a useful tool for law enforcement and security companies, many people have concerns about the loss of privacy.

The word surveillance is commonly used to describe observation from a distance by means of electronic equipment or other technological means. For example:

However, surveillance also includes simple, relatively no- or low-technology methods such as direct observation, observation with binoculars, postal interception, or similar methods.

Impact of surveillance

The greatest impact of computer-enabled surveillance is the large number of organizations involved in surveillance operations:

The state and security services still have the most powerful surveillance systems, because they are enabled under the law. But today levels of state surveillance have increased, and using computers they are now able to draw together many different information sources to produce profiles of persons or groups in society.

Many large corporations now use various form of "passive" surveillance. This is primarily a means of monitoring the activities of staff and for controlling public relations. But some large corporations actively use various forms of surveillance to monitor the activities of activists and campaign groups who may impact their operations.

Many companies trade in information lawfully, buying and selling it from other companies or local government agencies who collect it. This data is usually bought by companies who wish to use it for marketing or advertising purposes.

Personal information is obtained by many small groups and individuals. Some of this is for harmless purposes, but increasingly sensitive personal information is being obtained for criminal purposes, such as credit card and other types of fraud.

Modern surveillance cannot be totally avoided. However, non-state groups may employ surveillance techniques against an organization, and some precautions can reduce their success. Some states are also legally limited in how extensively they can conduct general surveillance of people they have no particular reason to suspect.

Note: In all the forms of surveillance mentioned below, the issue of patterns is important. Although in isolation a single piece of communications data seems useless, when collected together with the communications data of other people it can disclose a lot of information about organizational relationships, work patterns, contacts and personal habits. The collection and processing of communications data is largely automated using computers. See also Traffic analysis.

Telephones and mobile telephones

The official and unofficial tapping of telephone lines is widespread.

The contracts or licenses by which the state controls telephone companies means that they must provide access for tapping lines to the security services and the police.

For mobile phones the major threat is the collection of communications data. These not only include information about the time and duration of the call, but also from where the call was made and to whom. These data can be determined generally because the geographic communications cell that the call was made in is stored with the details of the call. But it is also possible to get greater resolution of a person's location by combining information from a number of cells surrounding the person's location.

Mobile phones are, in surveillance terms, a major liability. This liability will only increase as the new third-generation (3G) phones are introduced. This is because the base stations will be located closer together .

Postal services

As more people use faxes and e-mail the significance of the postal system is decreasing. (This may not be the case in all countries, certainly the case with international communications, but probably not local.) But interception of post is still very important to security services.

Surveillance devices, or "bugs"

Surveillance devices, or "bugs", are not really a communications medium, but they are a device that requires a communications channel. A "bug" usually involves a radio transmitter, but there are many other options for carrying a signal; you can send radio frequencies through the main wiring of a building and pick them up outside, you can pick up the transmissions from a cordless phones, and you can pick up the data from poorly configured wireless computer networks or tune in to the radio emissions of a computer monitor.

Bugs come in all shapes and sizes. The original purpose of bugs was to relay sound. Today the miniaturization of electronics has progressed so far that even TV pictures can be broadcast via bugs that incorporate miniature video cameras (something made popular recently during TV coverage sports events, etc.). The cost of these devices has dramatically fallen.

A recent trend has been the development of surveillance devices or bugs concurrently with that of popular electronic devices. For example, a new surveillance gadget system involves the insertion of recording devices and cameras and communication devices into MP3 players and laptops; the surveillance agents pretending to be listening to music with MP3 players (such as Walkmans) or using laptops then sit near their targets to record their conversation. The control center gives commands to the surveillance agents through the laptops. The popularity of such items as MP3/MP4 players and laptops helps mask the widespread surveillance conducted in society after 9/11. The system is employed by the Department of Homeland Security among others.

Computer surveillance

At a basic level, computers are a surveillance target because large amounts of personal information are stored on them. Anyone who can access or remove a computer can retrieve information. If someone is able to install software on a computer system, they can turn the computer into a surveillance device.

Computers can be tapped by a number of methods, ranging from the installation of physical bugs or surveillance software to the remote interception of the radio transmissions generated by the normal operation of computers.

Spyware, a term coined by self-proclaimed computer security expert Steve Gibson, is often used to describe computer surveillance tools that are installed against a user's will. High-speed Internet connections have made computers more vulnerable than ever before.

Photography

Photography is becoming more valuable as a means of surveillance. In recent years there has been a significant expansion in the level of stills and video photography carried out at public demonstrations in many countries. At the same time there have been advances in closed circuit television (CCTV) technology and computer image processing that enable digital images taken from cameras to be matched with images stored in a database.

Photographs have long been collected as a form of evidence. But as protest and civil disobedience become an ever-greater liability to governments and corporations, images are gathered not only as evidence for prosecution, but also as a source of intelligence information. The collection of photographs and video also has another important function — it scares people

Closed-circuit television

Closed-circuit television (CCTV) — with which the picture is viewed or recorded, but not broadcast — initially developed as a means of security for banks. Today it has developed to the point where it is simple and inexpensive enough to be used in home security systems, and for everyday surveillance.

The widespread use of CCTV by the police and governments has developed over the last 10 years. In the UK, cities and towns across the country have installed large numbers of cameras linked to police authorities. The justification for the growth of CCTV in towns is that it deters crime — although there is still no clear evidence that CCTV reduces crime. The recent growth of CCTV in housing areas also raises serious issues about the extent to which CCTV is being used as a social control measure rather than simply a deterrent to crime.

The development of CCTV in public areas, linked to computer databases of people's pictures and identity, has been argued by some to present a risk to civil liberties.

Electronic trails

Modern society creates large amounts of transaction data. In the past this data would be documented in paper records and would leave a "paper trail" but today many of these records are electronic, resulting in an "electronic trail" that is easily reconstructed through automated means. Every time you use a bank machine, pay by credit card, use a phone card, make a call from home, or otherwise complete a recorded transaction you generate an electronic record. When aggregated and analyzed, this information can identify individual behavior patterns that describe how you live and work.

One way to protect autonomy and individual freedom in a paper-based world is through anonymous transactions, for example by using cash. When transactions are electronic, that anonymity may be lost.

Today, large aggregations of transaction information are assembled by marketing, credit reporting, and other data aggregation companies in order to analyze consumer behavior to determine how companies should manage their marketing or sales strategies, or to assess counterparty "trust" for financial transaction. These data sets are also sold to other companies or to government agencies for additional use.

The availability of large data sets of transaction information facilitates the use of automated surveillance or analysis techniques such as data mining to perform dataveillance

Data profiling of individuals

Data profiling in this context is the process of assembling information about a particular individual in order to generate a profile — that is, a picture of their patterns and behavior (compare this use of the term data profiling with that used in statistics or data management where data profiling is the examination of information describing the data or data set itself).

Data profiling is used in security, law enforcement and intelligence operations for a variety of applications — for example, to assess "trust" for security clearances or to grant authorization relating to a trusted system, or to identify or apprehend suspects or threats. The government is able to access information from third parties — for example, banks, credit companies or employers, etc. — by requesting access informally, by compelling access through the use of subpoenas or other procedures, or by purchasing data from commercial data aggregators or data brokers. Under United States v. Miller (1976), data held by third parties is generally not subject to Fourth Amendment warrant requirements. Private companies and private investigators can also generally access or purchase data from these aggregators.

Information relating to any individual transaction is easily available because it is not generally highly valued in isolation, however, when many such transactions are aggregated they can be used to assemble a detailed profile revealing the actions, habits and preferences of the individual.

In the past, much information about individuals has been protected by practical obscurity (a term used by Justice Stevens in his opinion in USDOJ v. Reporters Committee, 1989). Practical obscurity refers to the practical difficulty of aggregating or analyzing a large number of data points in different physical locations. In addition, information was often transient and not easily available after the fact. Further, even where data was available, correlation of paper-based records was a laborious process. Electronic, particularly digital, record-keeping has undermined this practical obscurity by making data easily available and potentially making aggregation and analysis possible at significantly lower costs.

Thus, as more information becomes available in electronic form — for example, as public records such birth, court, tax and other records are made available online — the ability to create very detailed data profiles increases and may raise concerns.

Biometric surveillance

Biometric surveillance refers to technologies that measure and analyze human physical and/or behavioral characteristics for authentication, identification, or screening purposes. Examples of physical characteristics include fingerprints, eye retinas and irises, DNA, facial patterns and hand measurements, while examples of mostly behavioral characteristics include signature, gait, voice, and typing patterns. All behavioral biometric characteristics have a physiological component. Another form of behavioral biometrics has been introduced by IBM in 2006, called the Smart Surveillance System, or S3, which uses video surveillance and algorithms to detect suspicious activity or behavior and will send an alert when necessary. Most forms of biometric surveillance are still in the research and developmental mode. As the technologies for biometric surveillance become more accurate and reliable, it may become more popular to use the body as a password, instead of using PINs or pass codes.

The main advantages of biometrics over standard identification and validation systems are:

Biometric traits cannot be lost or forgotten (while passwords can)

Biometric traits are difficult to copy, share and distribute (while passwords can be announced in websites of crackers)

Biometrics require the person being authenticated to be present at the time and point of authentication

A biometric system can provide the following three functions:

Verification: Is the person who he claims to be? A person’s identity can be checked if his/her biometric information is already known and stored on a card or in a database.

Identification: Who is the person? Biometric information can be extracted from a person and compared with other entries of a database to see if the resulting match provides one clear answer.

Screening: Is the person on a watch-list? Biometric information can be used to determine if a person is cleared to be in a restricted area, or if the person is on a watch list (e.g. the F.B.I. Most Wanted list).

As a means of combating the problem of people carrying or falsifying credentials, researchers are increasingly looking at biometrics — measuring biological or physical characteristics — as a way to determine identity. One of the oldest forms of biometrics is fingerprints. Every finger of every person (identical twins included) has a unique pattern, and these have been used for many years to help identify suspects in police inquiries. A finger/thumb print can be reduced to a brief numeric description, and such systems are being used in banks and secure areas to verify identity. However, it should be noted that as of 2006, electronic fingerprint readers are subject to high error rates, misidentifying individuals as frequently as one time in ten.

A more recent development is DNA fingerprinting, which looks at some of the major markers in the body's DNA to produce a match. However, the match produced is less accurate than ordinary fingerprints because it only identifies people to a certain probability of matching. Further, identical twins have identical DNA, and so are indistinguishable by this method.

Handwriting — primarily one's signature — has been used for many years to determine identity. However other characteristics of the individual can also be used to check identity. Voice analysis has been used for some as a means to prove identity, but it is not suited to portable use because of the problems of storing a range of voiceprints. But perhaps the two most viable portable systems, because identities can be reduced to a series of numeric data points rather than a detailed image or sound, are:

Iris recognition. Some banks are now using this method of security. The human iris has a unique pattern that can be reduced to a simple series of numeric descriptions. The iris reader matches the pattern of the iris to one stored and verifies the match.

Facial recognition. The configuration of the facial features can be used to accurately identify one individual from another. Again, the configuration can be reduced to a short numeric description.

By combining some form of personal identifying feature, with a system of verification it is possible to do everything from buying food to travelling abroad. The important issue is how this information is managed in order to reduce the likelihood of tracking. If you were to combine a particular biometric system with new smart card technology to store the description, that system would be immune from tracking (unless the transaction produced a document/electronic trail). However, if the identifying features are stored centrally, and a whole range of systems have access to those descriptions, it is possible that other uses could be made of the data; for example, using high resolution CCTV images with a database of facial identities in order to identify people at random.

Identities

As we move towards the development of electronic identities, it becomes more difficult for people to hide their identities. The development of electronic identities could, therefore, be perceived as an infringement of people's civil liberties. There are two aspects to this:

Development of systems of credentials — where you carry a card or a document; and

Development of biometrics — where you are recognized from your unique biological characteristics.

The development of identity systems is being pushed on two fronts:

The banking industry, who wish to find a more fool-proof system of verifying financial transactions than the possession of a plastic card or the use of a signature;

Law enforcement, as a way of identifying individuals easily.

One of the simplest forms of identification is the carrying of credentials. Some countries have an identity card system to aid identification, whilst many, such as Britain, are considering it but face public opposition. Other documents, such as driver's licenses, library cards, bankers or credit cards are also used to verify identity. One problem with identity based on credentials is that the individual must carry them, and be identifiable, or face a legal penalty. This problem is compounded if the form of the identity card is "machine-readable," usually using an encoded magnetic stripe that corroborates the subject's identifying data. In this case it may create a document trail as it is used to verify transactions, like, for instance, swiping an ID card before entering a night club or bar to confirm age and possibly aid police in case of a criminal incident on the premises.

Human operatives and social engineering

The most invasive form of surveillance is the use of human operatives. This takes two forms:

The use of operatives to infiltrate an organization; and

The use of social engineering techniques to obtain information.

In groups dealing with issues that are directly contrary to government policy the issue of infiltration often arises. Also, where groups oppose large corporations, infiltration by agents of the corporation may occur. As well as operatives, the police and security services may put pressure on certain members of an organization to disclose the information they hold on other members.

Running operatives is very expensive, and for the state the information recovered from operatives can be obtained from less problematic forms of surveillance. If discovered, it can also be a public relations disaster for the government or corporation involved. For these reasons, the use of operatives to infiltrate organizations is not as widespread as many believe. But infiltration is still very likely from other organizations who are motivated to discover and monitor the work of campaign groups. This may be for political or economic motivations. There are also many informal links between large corporations and police or security services, and the trading of information about groups and activists is part of this relationship.

It is not possible to guard against the infiltration of an organization without damaging the viability or effectiveness of the organization. Worrying too much about infiltration within the organization can breed mistrust and bad working relationships within an organization. Rather like other forms of surveillance, the professional infiltration of operatives into an organization is difficult to guard against.

Another more likely scenario, especially when dealing with third-party collections agencies or banks seeking debt payment, as well as the media or corporate public relations, is social engineering, also known as "pretexting." This involves the inquiring agent phoning or physically talking to the subject in a way as to make him believe they are someone else, or someone with an innocuous interest in the subject. The inquirer's real, clandestine interest is to obtain some specific information that they believe the subject possesses. This form of information gathering is most often used, on a regular basis, by financial operatives pursuing delinquent debts.

In order to avoid disclosing sensitive information to undesirable third parties, precautions may be taken:

One should not disclose sensitive information over the telephone or in person to unverified third parties.

Social engineering may be identified by asking a series of questions to see if the inquirer is aware of facts or future plans that they should not be aware of. In case the inquirer claims to represent a familiar financial institution or other "trusted" organization, one may ask for a number to call back, which may then be verified, either through a phone directory or organization web site.

Journalists for well known media organization can be verified by phoning the editor of that organization, but freelance or independent journalists should be treated with care — they could be working for anyone.

In case one is member of certain organizations, such as activist groups, a balance between privacy and accessibility is often necessary, especially when running a public campaign. This often requires a security policy for dealing with media and other inquiries.

Natural surveillance

Natural surveillance is a term used in "Crime Prevention Through Environmental Design" (CPTED) and "Defensible Space" models for crime prevention. These models rely on the ability to influence offender decisions preceding criminal acts. Research into criminal behavior demonstrates that the decision to offend or not to offend is more influenced by cues to the perceived risk of being caught than by cues to reward or ease of entry. Consistent with this research CPTED based strategies emphasize enhancing the perceived risk of detection and apprehension.

Natural surveillance limits the opportunity for crime by taking steps to increase the perception that people can be seen. Natural surveillance occurs by designing the placement of physical features, activities and people in such a way as to maximize visibility and foster positive social interaction. Potential offenders feel increased scrutiny and limitations on their escape routes. It is typically free of cost, however its effectiveness to deter crime varies with the individual offender.

Jane Jacobs, North American editor, urban activist, urban planning critic, and author of The Death and Life of Great American Cities (1961), formulated the natural surveillance strategy based on her work in New York's Greenwich Village. Natural surveillance is naturally occurring. As people are moving around an area, they will be able to observe what is going on around them, provided the area is open and well lit. Supporting a diversity of uses within a public space is highly effective. Other ways to promote natural surveillance include low landscaping, street lights, street designs that encourage pedestrian use, removing hiding and lurking places, and placing high risk targets, such as expensive or display items, in plain view of legitimate users, such as near a receptionist or sales clerk.

Included in the design are features that maximize visibility of people, parking areas and building entrances: doors and windows that look out on to streets and parking areas, see-through barriers (glass brick walls, picket fences), pedestrian-friendly sidewalks and streets, and front porches. Designing nighttime lighting is particularly important: uniform high intensity "carpet" lighting of large areas is discouraged, especially where lights glare into (and discourage) observers eyes. In its place is feature lighting that draws the observer's focus to access control points and potential hiding areas. Area lighting is still used, but with shielded and cut-off luminaries to control glare. Light sources are typically placed lower to the ground, at a higher density, and with lower intensity than the lighting it is designed to replace.

Any architectural design that enhances the chance that a potential offender will be, or might be, seen is a form of natural surveillance. Often, it is not just the fact that the offender might be seen that matters. It is that the offender "thinks" they will be seen that can help deter the opportunity for crime. (See also security lighting.)

Counter surveillance, inverse surveillance, sousveillance

Surveillance is the art of watching over the activities of persons or groups from a position of higher authority. Surveillance may be covert (without their knowledge) or overt (perhaps with frequent reminders such as "we are watching over you"). Surveillance has been an intrinsic part of human history. Sun Tzu's The Art of War, written 2,500 years ago, discusses how spies should be used against a person's enemies. But modern electronic and computer technology have given surveillance a whole new field of operation. Surveillance can be automated using computers, and people leave extensive records that describe their activities.

Counter surveillance is the practice of avoiding surveillance or making surveillance difficult. Before computer networks, counter surveillance involved avoiding agents and communicating secretly. With recent developments — the Internet, increasing prevalence of electronic security systems, and computer databases — counter surveillance has grown in scope and complexity. Now counter surveillance involves everything from knowing how to delete a file on a computer to avoiding becoming the target of direct advertising agencies.

Inverse surveillance is the practice of reversalism on surveillance, e.g., citizens photographing police, shoppers photographing shopkeepers, and passengers photographing cab drivers who usually have surveillance cameras in their cabs. A well-known example is George Holliday's recording of the Rodney King beating. Inverse surveillance attempts to subvert the Panoptic gaze of surveillance, and often attempts to subvert the secrecy of surveillance through making the inverse surveillance recordings widely available (in contrast to the usually secret or restricted surveillance tapes).

Sousveillance (a term coined by Steve Mann, a professor at the University of Toronto) is inverse surveillance that includes the recording of an activity by a participant in the activity. Recent sousveillance workshops such as Microsoft's Continuous Archival and Recording of Personal Experience are evidence of a growing sousveillance industry including Microsoft (wearable cameras), Nokia, Hewlett Packard ("Casual Capture") and many others.

Clinical surveillance is the monitoring of events (including, for example, the occurrences of infectious diseases or chronic diseases) with a significant impact on public health. Increasingly, clinical surveillance is being used to inform public policy in allocating health care resources and meeting patient needs. As health care becomes increasingly dependent on information systems and the use of clinical surveillance becomes more widespread, privacy concerns may arise. Patient-centeredness is a form of clinical sousveillance in which information is managed with equiveillance and transparency.

Equiveillance is the balance between surveillance and sousveillance. Ian Kerr and Steve Mann have suggested that equiveillance might better preserve the contextual integrity of veillance data